Security


Facebook Flaw Enabled Users to Launch Powerful DDoS Attacks

Facebook Patched Flaw That Could Be Exploited for DDoS Attacks

Facebook has fixed a vulnerability that could have been leveraged to amplify distributed denial-of-service (DDoS) attacks by using the company's own datacenters.

The issue was introduced in May, when Facebook started allowing administrators to refresh the links that they share on their pages. Teofil Cojocariu, a researcher with the Cyber Security Research Center from Romania (CCSIR), found a way to exploit this feature to launch DDoS attacks that could have a big impact on smaller websites. First, the attacker finds a large image on the targeted server or website.

Malicious Facebook color changer App infected 10000 Users

Facebook is a privileged target for cyber criminals, and in many cases old fraud schemes are proposed again by bad actors; this is the case with the bogus Facebook "Color Changer" app.

Researchers at China-based Internet company Cheetah Mobile have discovered a "Facebook colour changer" app in the wild that tricks Facebook users into downloading it via a malicious phishing site. The malicious app has already deceived more than 10,000 mobile users worldwide by offering the possibility to customize the layout of Facebook with different colors.

Privacy

5 more tips to help keep you safe on Facebook

Last month we gave you 5 tips to make your Facebook account safer. Following on from that, here's another five...

1. Stop search engines from indexing your profile

Facebook's great for keeping in touch with friends and family, but you might not want just anyone finding your profile via Google or other search engines. Here's how to fix that: Click on the cog icon at the top right of your screen and then click Privacy Settings. Now that you are in the Privacy Settings and Tools area of Facebook, find 'Who can look me up?' This is likely on by default, so click Edit and then remove the tick from the box which says 'Let other search engines link to your timeline'. Note: It may take a bit of time for search engines to stop showing the link to your timeline in their results, so don't expect it to disappear immediately from search results.

2. Just as in real life, some people on the web can prove challenging for a number of reasons.

Now either enter a name or email address and click Block.

3.

4.
Facebook experiment shows feasibility of massive-scale emotional contagion through social networks

Facebook is the subject of a heated debate over a psychological experiment the company conducted on nearly 700,000 people without their knowledge.

The Facebook experiment was carried out in 2012 and involved manipulating the content of users' newsfeeds to analyze the effect on the users' sentiment. The experiment ran from January 11 to 18, 2012, during which the hundreds of thousands of Facebook users unknowingly participating may have felt either happier or more depressed than usual because of the friends' posts they were shown.

The study was conducted in conjunction with researchers from Cornell and the University of California. Facebook filtered users' news feeds, composed of comments, videos, pictures and web links posted by other people in their social network, in order to provide evidence of massive-scale emotional contagion through social networks. Is the Facebook experiment ethically correct? The lessons learnt are: Pierluigi Paganini.

Facebook totally OK with 'emotional manipulation' experiment on users

Facebook vulnerability allows viewing of hidden Facebook Friend List

Facebook is a privileged target for hackers and cybercriminals; the popular social network is a mine of data that could be used to acquire information on a specific target or to conduct criminal activities involving a large audience (e.g. serving malware, conducting a phishing campaign, arranging cyber fraud).

Through the analysis of mutual relationships between users, an attacker could elaborate the proper strategy to hit a victim or a group of individuals. There are numerous tools that could be exploited to automate the reconnaissance process through , and numerous are the functionalities that could be used for useful research. Recently I've published a post describing the work of experts Werrett and Lee, who demonstrated how to conduct a powerful analysis using FBStalker, a tool created to find a comprehensive amount of data on any Facebook user.

The feature analyzes Facebook mutual connections, relatedness level, and many other criteria to suggest friends.
Facebook Ends 'Invisibility Cloak' for Users

SAN FRANCISCO - Facebook is ending a feature that allowed users to hide from the social network's billion-plus members.

The feature, akin to Harry Potter's invisibility cloak, will be removed, meaning that someone looking for another Facebook user can more easily find that person. "The setting was created when Facebook was a simple directory of profiles and it was very limited," said Facebook's chief privacy officer, Michael Richter. The setting made Facebook search "feel broken at times," Richter added in a company blog Thursday. "For example, people told us that they found it confusing when they tried looking for someone who they knew personally and couldn't find them in search results, or when two people were in a Facebook Group and then couldn't find each other through search."
Facebook FBStalker tool uses Graph Search for powerful OSINT analysis

Facebook, and social networks more generally, is a platform that, if not properly managed, could harm users' privacy; the fact that friends' social behavior could also have a dangerous impact on our digital experience is very concerning.

Recently, at the Hack In The Box conference in Kuala Lumpur, security experts Jonathan Werrett and Keith Lee from SpiderLabs demonstrated how to conduct a powerful OSINT analysis using a simple tool they created; anyone using it could find a comprehensive amount of data on any user of the popular social network. The information-gathering tool created by the researchers is named FBStalker, a name that gives an idea of the potential of the instrument. FBStalker reverse-engineers the Facebook Graph to find information on every user; the tool does not require a direct friendship with the targeted profiles, it just needs access to the parts of the victim's posts marked as public.
Has Facebook violated its 2011 Federal Trade Commission settlement?

The top six privacy organisations in the US - the Electronic Privacy Information Center, Center for Digital Democracy, Consumer Watchdog, Patient Privacy Rights, U.S. PIRG, and the Privacy Rights Clearinghouse - sent a joint letter to politicians and regulators on Wednesday asking for some of Facebook's proposed changes to its policies to be blocked. The letter claims that Facebook's proposed changes violate a 2011 privacy settlement with the FTC. Last week Facebook issued proposed changes to its Data Use Policy and Statement of Rights and Responsibilities as part of an agreement that was made in settlement of a class-action lawsuit. That settlement, covering the social giant's routine use of users' names and images for promoting its Sponsored Stories, saw around 614,000 users of the site receive $15 each in compensation for having their personal information used without their consent. The group ended their letter by asking the FTC to do something to help.

Facebook postpones privacy putsch: report

Bug-finder chucked for posting to Zuck. Palestinian Facebook flaw-finder getting $10,000 payday in online appeal

A Palestinian IT student who spotted a serious security flaw in Facebook's coding – but was denied payment for it and booted off the social network – could be getting as much as $10,000 after members of the security community rallied around and set up an online compensation fund.

Make sure only your friends can see your profile

Facebook forced me to download their anti-malware, and my own antivirus gets knocked out « Jack Yan: the Persuader Blog

When Facebook says it cares about security, I laugh. Every day I see bots, spammers and click-farm workers plague the site, and despite reporting them, Facebook lets them stay. It will make a statement saying it would no longer kick off drag queens and kings, then proceed to kick off drag queens and kings. So when I was blocked last night from using Facebook on my Windows 10 computer, after using a website with a Facebook messaging plug-in, with the claim that there was malware on the system, I knew something was fishy. Like Google’s false malware accusations—so serious that people have lost websites over them—I knew to take this one with a massive grain of salt. However, I didn’t have a choice: in order to get in to the site, I had to download a Kaspersky malware program, and let it run.

Why Was a Facebook Executive Arrested in Brazil? Encryption.

Facebook and its messaging service WhatsApp have thrown their support behind Apple in its battle over user privacy with the U.S. government. But this issue is not just an American issue, and the United States will not be the only important battleground for companies whose business models rely on user security and privacy. Case in point: Facebook executive Diego Dzodan was arrested by Brazilian police Tuesday morning on his way to work for the same reason Brazilian authorities succeeded — albeit temporarily — in having WhatsApp banned from the country back in December: encryption. Dzodan — who is still detained at the time of this writing — was arrested because of Facebook’s “repeated non-compliance with court orders,” according to a police press release.